diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 55faeabf..5dd0a538 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -9547,7 +9547,7 @@ "description": "Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.", "meta": { "attribution-confidence": "75", - "cfr-suspected-state-sponsor": "Iran", + "cfr-suspected-state-sponsor": "Lebanon", "cfr-suspected-victims": [ "Israel" ], @@ -9562,7 +9562,7 @@ "Transportation systems" ], "cfr-type-of-incident": "Espionage", - "country": "IR", + "country": "LB", "refs": [ "https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/" ]